The present embodiments relate to communications in an industrial control system (ICS). A programmable logic controller (PLC) is accessed via a transmission control protocol (TCP) connection over an internet protocol (IP) network of an Ethernet network. An attacker with access to the Ethernet or internet protocol (IP) network may be able to intercept communications to and from the programmable logic controller. Intercepted communication traffic may reveal sensitive information about the industrial process being controlled by the programmable logic controller. This sensitive information may include information that would be useful to an attacker in order to further penetrate the target systems, such as passwords. An attacker with access to the network may also send malicious commands to the programmable logic controller to disrupt the industrial process.
Sensitive communications with a programmable logic controller are protected by physically securing networks. The networks are buried or placed in inaccessible locations. Air gaps between control networks and external networks (e.g. the Internet) are often employed. The communications may be protected by encryption at the application layer (layer 7 in the open systems interconnection (OSI) model). Virtual private network (VPN) bridges, which provide encryption at the network layer (layer 3 in the open systems interconnection model), may be used to secure communications. However, undesired access may still be provided through unsecured channels, whether due to lack of physical security or communications security.